Enable masquerade on eth1 to rewrite the source address on outgoing packets. If you truly want symmetric NAT, you'll need the --random at the end:

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE --random

Configure forwarding rules. By default, iptables will forward all traffic unconditionally.

    # /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

You should now be NATing. You can test this by pinging an external address from one of your internal hosts.

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

The “liberal” form is better for temporary connections: MASQUERADE automatically chooses address

Jun 16, 2020 · iptables is the most useful and powerful tool for the Linux operating system; it has all the capabilities of a typical firewall. It is a handy utility for every Linux administrator or engineer, and most of us work with it daily. If you want to know more about iptables, you can go through the iptables manual page:

Feb 01, 2010 · This is only valid if the rule also specifies -p tcp or -p udp. The OUTPUT chain example:

    iptables -t nat -I OUTPUT --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123

The iptables service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, 192.168.0.1). Domain names (for example, host.example.com) in such rules produce errors.

Note that this is not limited to the internet network: masquerade/NAT can be used to route traffic from one network to another, let's say 10.0.0.0/24 and 192.168.0.0/24. An iptables masquerade rule can be replaced with an SNAT rule.

    iptables -t nat -A POSTROUTING -o eth2 -s 10.0.0.0/24 -j MASQUERADE =

linux - Iptables NAT one-to-one - Stack Overflow

    iptables -nvL -t nat
    Chain PREROUTING (policy ACCEPT 36 packets, 2476 bytes)
     pkts bytes target     prot opt in     out     source               destination
        8   528 DNAT       all  --  eth0   *       0.0.0.0/0            172.10.1.101         to:192.168.1.10

    Chain INPUT (policy ACCEPT 36 packets, 2476 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 195 packets, 14344